Laws of Physics Say Quantum Cryptography Is Unhackable. It’s Not

The beam splitter in a quantum cryptography unit created for the European Union's Integrated Project Qubit Applications. Photo:Anders Sandberg/Flickr

In the never-ending arms race between secret-keepers and code-breakers, the laws of quantum mechanics seemed to have the potential to give secret-keepers the upper hand. A technique called quantum cryptography can, in principle, allow you to encrypt a message in such a way that it would never be read by anyone whose eyes it isn’t for.

Enter cold, hard reality. In recent years, methods that were once thought to be fundamentally unbreakable have been shown to be anything but. Because of machine errors and other quirks, even quantum cryptography has its limits.

“If you build it correctly, no hacker can hack the system. The question is what it means to build it correctly,” said physicist Renato Renner from the Institute of Theoretical Physics in Zurich, who will present a talk on calculating the failure rate of different quantum cryptography systems at the 2013 Conference on Lasers and Electro-Optics in San Jose, California on June 11.

Regular, non-quantum encryption can work in a variety of ways but generally a message is scrambled and can only be unscrambled using a secret key. The trick is to make sure that whomever you’re trying to hide your communication from doesn’t get their hands on your secret key. Cracking the private key in a modern crypto system would generally require figuring out the factors of a number that is the product of two insanely huge prime numbers. The numbers are chosen to be so large that, with the given processing power of computers, it would take longer than the lifetime of the universe for an algorithm to factor their product.

But such encryption techniques have their vulnerabilities. Certain products – called weak keys – happen to be easier to factor than others. Also, Moore’s Law continually ups the processing power of our computers. Even more importantly, mathematicians are constantly developing new algorithms that allow for easier factorization.

Quantum cryptography avoids all these issues. Here, the key is encrypted into a series of photons that get passed between two parties trying to share secret information. The Heisenberg Uncertainty Principle dictates that an adversary can’t look at these photons without changing or destroying them.

“In this case, it doesn’t matter what technology the adversary has, they’ll never be able to break the laws of physics,” said physicist Richard Hughes of Los Alamos National Laboratory in New Mexico, who works on quantum cryptography.

But in practice, quantum cryptography comes with its own load of weaknesses. It was recognized in 2010, for instance, that a hacker could blind a detector with a strong pulse, rendering it unable to see the secret-keeping photons.

Renner points to many other problems. Photons are often generated using a laser tuned to such a low intensity that it’s producing one single photon at a time. There is a certain probability that the laser will make a photon encoded with your secret information and then a second photon with that same information. In this case, all an enemy has to do is steal that second photon and they could gain access to your data while you’d be none the wiser.

Alternatively, noticing when a single photon has arrived can be tricky. Detectors might not register that a particle has hit them, making you think that your system has been hacked when it’s really quite secure.

“If we had better control over quantum systems than we have with today’s technology” then perhaps quantum cryptography could be less susceptible to problems, said Renner. But such advances are at least 10 years away.

Still, he added, no system is 100 percent perfect and even more advanced technology will always deviate from theory in some ways. A clever hacker will always find a way to exploit such security holes.

Any encryption method will only be as secure as the humans running it, added Hughes. Whenever someone claims that a particular technology “is fundamentally unbreakable, people will say that’s snake oil,” he said. “Nothing is unbreakable.”

Renner is trying to work on cryptographic principles that would allow a high measure of security no matter the technological limitations. These could be simple things, like purposely sending multiple photons and checking to see if one gets stolen, thereby establishing that an adversary has hacked your line.

Or they could exploit other principles of quantum mechanics, like the possibility of entangling two photons. Entangled particles are created in such a way that they will always behave the same way no matter the distance between them. Measure the properties of one member of the entangled pair and you instantly know that the other shares these characteristics. Parties could encode a key into a pair of entangled photons and then each take one. An enemy that intercepted or stole one of the photons would be unable to replace it because the new photon would not be entangled. When the two original parties measured their photons and saw that their properties didn’t line up, they would know that they’ve been hacked.

But Hughes points out that in quantum cryptography, just like in conventional cryptography, certain practices have to be followed to prevent hacks.

“Don’t write your password on a post-it and keep it on your monitor, don’t use a known weak key, that’s how these things are done in practice,” he said. Human beings will always have certain weaknesses and foibles, he added. “We are susceptible to blackmail or bribery.”

Still, Hughes points out that quantum cryptography offers many advantages. In a smart grid – a power grid in which information on usage is used to improve efficiency – it is important that the various control centers understand exactly what the electricity is doing in different areas. Passing around such information leaves smart grids susceptible to hackers, who could cause major chaos in a city by taking over the network.

Smart grids need to react to changes quickly lest some part of the system get damaged from electricity overflows. But traditional cryptography usually requires time and processing power to encrypt and decrypt the large numbers used as keys. The computers used in such cryptography could drive up the price of a smart grid. Quantum cryptography, on the other hand, simply requires pushing around some photons and the computations for decryption are much less complicated.